From: nolade Date: Wed, 23 Apr 2025 20:38:01 +0000 (-0400) Subject: Added auditing info from customer doc and wiki. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f91be04b4c1c991f7885be1d840e028027bc609;p=thirdparty%2Ffreeradius-server.git Added auditing info from customer doc and wiki. Updated Optimization directory structure to standard format / index file. Added links to tools man pages included with antora docs. --- diff --git a/doc/antora/modules/ROOT/nav.adoc b/doc/antora/modules/ROOT/nav.adoc index 77bc0580d7..46906a3bcc 100644 --- a/doc/antora/modules/ROOT/nav.adoc +++ b/doc/antora/modules/ROOT/nav.adoc @@ -1,7 +1,7 @@ * xref:index.adoc[Introduction] ** xref:getstarted.adoc[Getting Started] *** xref:debugging/radiusd_X.adoc[Debugging] -*** xref:debugging/startup.adoc[Startup] +*** xref:debugging/startup.adoc[Startup ] *** xref:debugging/processing.adoc[Processing Packets] *** xref:gethelp.adoc[Getting Help] ** xref:bestpractices.adoc[Best Practices] diff --git a/doc/antora/modules/howto/nav.adoc b/doc/antora/modules/howto/nav.adoc index a8b98bb0e3..a492d37286 100644 --- a/doc/antora/modules/howto/nav.adoc +++ b/doc/antora/modules/howto/nav.adoc 
@@ -92,15 +92,16 @@ *** xref:vendors/cisco.adoc[Cisco] *** xref:vendors/proxim.adoc[ProxIM] -** xref:monitoring/optimize.adoc[Optimization] -*** xref:monitoring/index.adoc[Monitoring] -**** xref:monitoring/logging_examples.adoc[Log Examples] -**** xref:monitoring/statistics.adoc[Server Statistics] +** xref:optimization/index.adoc[Optimization] +*** xref:optimization/auditing.adoc[Auditing] +*** xref:optimization/monitoring/index.adoc[Monitoring] +**** xref:optimization/monitoring/logging_examples.adoc[Log Examples] +**** xref:optimization/monitoring/statistics.adoc[Server Statistics] *** xref:tuning/performance-testing.adoc[Performance Testing] -*** xref:monitoring/tools/index.adoc[Tools] -**** xref:monitoring/tools/radclient_tool.adoc[Radclient] -**** xref:monitoring/tools/radsniff_tool.adoc[Radsniff] -**** xref:monitoring/tools/radmin_tool.adoc[Radmin] +*** xref:optimization/tools/index.adoc[Tools] +**** xref:optimization/tools/radclient_tool.adoc[Radclient] +**** xref:optimization/tools/radsniff_tool.adoc[Radsniff] +**** xref:optimization/tools/radmin_tool.adoc[Radmin] *** xref:tuning/tuning_guide.adoc[Tuning Guide] diff --git a/doc/antora/modules/howto/pages/index.adoc b/doc/antora/modules/howto/pages/index.adoc index 22928913c1..fb89ab8472 100644 --- a/doc/antora/modules/howto/pages/index.adoc +++ b/doc/antora/modules/howto/pages/index.adoc @@ -19,7 +19,7 @@ xref:protocols/index.adoc[Protocols] ***** xref:protocols/dhcp/policy_common_options.adoc[Common options] ***** xref:protocols/dhcp/policy_network_options.adoc[Network options and IP pool selection] ***** xref:protocols/dhcp/policy_subnet_options.adoc[Subnet options] -***** xref:protocols/dhcp/policy_device_options.adoc[Device, class and group options] +***** xref:protocols/dhcp/policy_device_options.adoc[Device, class and group options] ***** xref:protocols/dhcp/policy_ippool_access.adoc[IP pool access restriction] ** Security Certificates 
@@ -32,8 +32,8 @@ xref:protocols/index.adoc[Protocols] *** xref:vendors/proxim.adoc[ProxIM] ** Optimization -*** xref:monitoring/index.adoc[Monitoring] -**** xref:monitoring/statistics.adoc[Server Statistics] +*** xref:optimization/monitoring/index.adoc[Monitoring] +**** xref:optimization/monitoring/statistics.adoc[Server Statistics] *** xref:tuning/performance-testing.adoc[Performance Testing] *** xref:tuning/tuning_guide.adoc[Tuning Guide] diff --git a/doc/antora/modules/howto/pages/optimization/auditing.adoc b/doc/antora/modules/howto/pages/optimization/auditing.adoc new file mode 100644 index 0000000000..3b76f95203 --- /dev/null +++ b/doc/antora/modules/howto/pages/optimization/auditing.adoc @@ -0,0 +1,5 @@ += Auditing + +Auditing refers to the proactive analysis of accounting logs and other data sources. This ongoing process makes up part of the maintenance and xref:optimization/monitoring/index.adoc[monitoring] of the entire system. Auditing examines data to comprehend user patterns and system behavior. These insights detail how users interact with the network after successful authentication. Audits help to identify unauthorized access, policy violations, compromised NASes, and other anomalies. + +For example, a user manages to override site policy and log into a particular server. The site policy failed to deny that user access. by performing an audit of the AAA records, you would see that policy violation. The audit shows that the site policy needs an update by the network administrator to prevent future policy violations. Subsequent audits would track long-term behavior ensuring that the policy is being enforced. diff --git a/doc/antora/modules/howto/pages/monitoring/optimize.adoc b/doc/antora/modules/howto/pages/optimization/index.adoc similarity index 83% rename from doc/antora/modules/howto/pages/monitoring/optimize.adoc rename to doc/antora/modules/howto/pages/optimization/index.adoc index 28fd09fb34..5ba492fe1a 100644 
--- a/doc/antora/modules/howto/pages/monitoring/optimize.adoc +++ b/doc/antora/modules/howto/pages/optimization/index.adoc @@ -4,7 +4,7 @@ Once the FreeRADIUS server is successfully installed, optimizing your eco-system It can be challenging to identify issues or what component needs adjusting. To start, you need to gather statistics through monitoring to identify the bottlenecks in your system. This important activity allows you to determine the most critical areas for improvement. -== Why Optimize? +== Why optimize? A poorly optimized FreeRADIUS server can lead to slow authentication times, timeouts, and even system instability. Enhance your FreeRADIUS server’s performance, reliability, and resource efficiency to enhance the user experience while maintaining a secure environment. 
@@ -16,23 +16,27 @@ Optimization ensures fast authentication and accounting processes, preventing de Optimizing resources and configurations helps maintain a stable and robust RADIUS server, reducing the risk of crashes or outages. Optimizing FreeRADIUS helps ensure consistent and reliable network access, minimizing disruptions. -=== Resource Efficiency +=== Resource efficiency Optimizing resource usage (CPU, memory, disk I/O) allows you to run FreeRADIUS effectively even on limited hardware. If FreeRADIUS is integrated with a datastore, implementing well-structured querires prevents bottlenecks. The optimization section is organized by the following topic areas: -== xref:monitoring/index.adoc[Monitoring] +== xref:optimization/auditing.adoc[Auditing] + +Auditing provides valuable insights into user behavior, policy enforcement, and potential security risks. Auditing is the basis of robust network security and management processes. + +== xref:optimization/monitoring/index.adoc[Monitoring] Monitoring the FreeRADUS server and network components includes observing the AAA processes and how the overall system is operating. Several logging options help the administrator generate statistics to determine where issues are occurring such as slow connectivity or authentications. -FreeRADIUS is packaged with a xref:monitoring/statistics.adoc[virtual statistics server] that enables you to select what you want to watch or help find a problem. +FreeRADIUS is packaged with a xref:optimization/monitoring/statistics.adoc[virtual statistics server] that enables you to select what you want to watch or help find a problem. == xref:tuning/performance-testing.adoc[Performance Testing] Performance testing helps you figure out what the maximum loads can be without affecting operations. As your network grows, a non-optimized server may struggle to handle the increased authentication and accounting loads, especially during peak hours. 
-== xref:monitoring/tools/index.adoc[Tools] +== xref:optimization/tools/index.adoc[Tools] FreeRADIUS is packaged with some useful tools such as radsniff and radclient that are used in testing, monitoring, and gathering statistics. These tools give you a top-level view of the health of your server, clients, and processess. diff --git a/doc/antora/modules/howto/pages/monitoring/index.adoc b/doc/antora/modules/howto/pages/optimization/monitoring/index.adoc similarity index 81% rename from doc/antora/modules/howto/pages/monitoring/index.adoc rename to doc/antora/modules/howto/pages/optimization/monitoring/index.adoc index 7246576d1f..ddbd44abee 100644 --- a/doc/antora/modules/howto/pages/monitoring/index.adoc +++ b/doc/antora/modules/howto/pages/optimization/monitoring/index.adoc @@ -15,9 +15,9 @@ Monitoring is organized into the following sections: Checking the running service can include the following: -* Ensuring the daemon is still running, i.e. process monitoring -* Sending regular RADIUS authentication or accounting requests and checking they are correctly responded to -* Sending Status-Server RADIUS requests +* Ensuring the daemon is still running, i.e. process monitoring. +* Sending regular RADIUS authentication or accounting requests and checking they are correctly responded to. +* Sending Status-Server RADIUS requests. Within a proxy environment FreeRADIUS needs to know if upstream proxies are available. It can do this itself by issuing request as outlined in the options above. 
@@ -38,9 +38,9 @@ FreeRADIUS server. FreeRADIUS has many options for being able to generate and store logs, including the following: -* Main daemon logging, configured in xref:reference:raddb/radiusd.conf.adoc[`radiusd.conf`] -* Line-based text logging, using xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`] -* Detailed RADIUS packet logs, using xref:reference:raddb/mods-available/detail.adoc[`rlm_detail`] +* Main daemon logging, configured in xref:reference:raddb/radiusd.conf.adoc[`radiusd.conf`]. +* Line-based text logging, using xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`]. +* Detailed RADIUS packet logs, using xref:reference:raddb/mods-available/detail.adoc[`rlm_detail`]. As well as recording direct to disk, the options above can be sent via a local syslog server, which opens up many opportunities for central @@ -49,9 +49,9 @@ logging. It is possible to integrate FreeRADIUS into other more complicated logging systems, some options may include: -* To CSV files, for example via xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`] -* Writing entries to an SQL database using xref:reference:raddb/mods-available/sql.adoc[`rlm_sql`] -* Into a log management system such as Elasticsearch or Graylog +* To CSV files, for example via xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`]. +* Writing entries to an SQL database using xref:reference:raddb/mods-available/sql.adoc[`rlm_sql`]. +* Into a log management system such as Elasticsearch or Graylog. == Statistics gathering @@ -62,5 +62,5 @@ for trend analysis, as well as an indication of system operation. Statistics are usually gathered in two ways: -* FreeRADIUS xref:monitoring/statistics.adoc[internal statistics] -* Analysing logs with some external tool +* FreeRADIUS xref:optimization/monitoring/statistics.adoc[internal statistics]. +* Analyzing logs with some external tool. 
diff --git a/doc/antora/modules/howto/pages/monitoring/logging_examples.adoc b/doc/antora/modules/howto/pages/optimization/monitoring/logging_examples.adoc similarity index 100% rename from doc/antora/modules/howto/pages/monitoring/logging_examples.adoc rename to doc/antora/modules/howto/pages/optimization/monitoring/logging_examples.adoc diff --git a/doc/antora/modules/howto/pages/monitoring/statistics.adoc b/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc similarity index 99% rename from doc/antora/modules/howto/pages/monitoring/statistics.adoc rename to doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc index 5acc075451..040ab045c5 100644 --- a/doc/antora/modules/howto/pages/monitoring/statistics.adoc +++ b/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc @@ -1,4 +1,4 @@ -= Server statistics += Server Statistics FreeRADIUS collects statistics internally about certain operations it is doing, such as the number of authentication and accounting @@ -6,7 +6,7 @@ requests, how many accepts and failures, and server queue lengths. These can be queried by sending a specially-crafted RADIUS `Status-Server` packet to a "status" virtual server. -== Configuring the status virtual server +== Configure the status virtual server The `status` virtual server is present in the default configuration, but needs to be enabled before it can be used. To @@ -37,7 +37,7 @@ local host only. Having enabled and configured the status server, restart FreeRADIUS to make it active. -== Querying the server +== Query the server To get the current statistics from the server, send a RADIUS request of type `Status-Server` to the status port. Unless edited 
diff --git a/doc/antora/modules/howto/pages/monitoring/tools/index.adoc b/doc/antora/modules/howto/pages/optimization/tools/index.adoc similarity index 86% rename from doc/antora/modules/howto/pages/monitoring/tools/index.adoc rename to doc/antora/modules/howto/pages/optimization/tools/index.adoc index 9779260ea1..c73483e18a 100644 --- a/doc/antora/modules/howto/pages/monitoring/tools/index.adoc +++ b/doc/antora/modules/howto/pages/optimization/tools/index.adoc @@ -4,11 +4,11 @@ FreeRADIUS comes with a set of useful tools that assist you in monitoring and co Each tool has a specific purpose and is designed to work seamlessly together. These tools include: -== xref:monitoring/tools/radclient_tool.adoc[radclient] +== xref:optimization/tools/radclient_tool.adoc[radclient] Radclient enables you to setup mock clients to perform basic authentication testing. The radius.client file is used to popoulate the list that is read by the radclient tool. -== xref:monitoring/tools/radsniff_tool.adoc[radsniff] +== xref:optimization/tools/radsniff_tool.adoc[radsniff] Radsniff allows you to inspect and process any type of RADIUS packet that's on the network. This tool can be used in conjunction with th radclient tool and as well with performance testing. -== xref:monitoring/tools/radmin_tool.adoc[radmin] +== xref:optimization/tools/radmin_tool.adoc[radmin] Radadmin is a administration tool designed to administer and interact with a running FreeRADIUS server. It enables users to monitor statistics, view configuration, and make changes without the need to restart the server. FreeRADIUS Server is an that connects to the control socket of a running server, providing a command-line interface to manage it. 
diff --git a/doc/antora/modules/howto/pages/monitoring/tools/radclient_tool.adoc b/doc/antora/modules/howto/pages/optimization/tools/radclient_tool.adoc similarity index 88% rename from doc/antora/modules/howto/pages/monitoring/tools/radclient_tool.adoc rename to doc/antora/modules/howto/pages/optimization/tools/radclient_tool.adoc index 7ff07274fe..dd06c74a59 100644 --- a/doc/antora/modules/howto/pages/monitoring/tools/radclient_tool.adoc +++ b/doc/antora/modules/howto/pages/optimization/tools/radclient_tool.adoc @@ -1,7 +1,9 @@ -= Using radclient += Radclient -Policy issues for basic authentication protocols such as PAP, CHAP and MSCHAP, as well as for accounting and CoA/Disconnect requests, can be investigated using the radclient command whilst the server is in debug mode. -Firstly, create an authentication packet definition by specifying its attributes. For example: +Policy issues for basic authentication protocols such as PAP, CHAP and MSCHAP, as well as for accounting and CoA/Disconnect requests, can be investigated using the radclient command while the server is in debug mode. +First, create an authentication packet definition by specifying its attributes. See the xref:reference:man/radclient.adoc[radclient] man page for more details. + +For example: ``` nwkrad@radius-fe-01$ cat < auth_request.txt diff --git a/doc/antora/modules/howto/pages/monitoring/tools/radmin_tool.adoc b/doc/antora/modules/howto/pages/optimization/tools/radmin_tool.adoc similarity index 94% rename from doc/antora/modules/howto/pages/monitoring/tools/radmin_tool.adoc rename to doc/antora/modules/howto/pages/optimization/tools/radmin_tool.adoc index 06479bdb43..431a8d4204 100644 --- a/doc/antora/modules/howto/pages/monitoring/tools/radmin_tool.adoc +++ b/doc/antora/modules/howto/pages/optimization/tools/radmin_tool.adoc 
@@ -1,6 +1,6 @@ -= Using radmin += Radmin -It's possible to retrieve debug logs from FreeRADIUS while it is running in normal multi-threaded mode by using the radmin tool. This has the benefit of not interrupting the normal operations of FreeRADIUS server. It also allows for selective logging of packets which match a specified criteria. +It's possible to retrieve debug logs from FreeRADIUS while it is running in normal multi-threaded mode by using the radmin tool. This has the benefit of not interrupting the normal operations of FreeRADIUS server. It also allows for selective logging of packets which match a specified criteria. See the xref:reference:man/radmin.adoc[radmin] man page for more details. == Getting Started diff --git a/doc/antora/modules/howto/pages/monitoring/tools/radsniff_tool.adoc b/doc/antora/modules/howto/pages/optimization/tools/radsniff_tool.adoc similarity index 97% rename from doc/antora/modules/howto/pages/monitoring/tools/radsniff_tool.adoc rename to doc/antora/modules/howto/pages/optimization/tools/radsniff_tool.adoc index e66682a727..cce3e54cd4 100644 --- a/doc/antora/modules/howto/pages/monitoring/tools/radsniff_tool.adoc +++ b/doc/antora/modules/howto/pages/optimization/tools/radsniff_tool.adoc @@ -1,8 +1,8 @@ -= Using radsniff += Radsniff The radsniff tool is extremely useful for debugging RADIUS packet flows, either by monitoring the live network interfaces or by processing a PCAP-based traffic dump. -To see the different switches that can be used, see the xref:reference:man/radsniff.adoc[radsniff] man page included with this documentation. +See the xref:reference:man/radsniff.adoc[radsniff] man page for more details. == Packet capture processing diff --git a/doc/antora/modules/howto/pages/tuning/performance-testing.adoc b/doc/antora/modules/howto/pages/tuning/performance-testing.adoc index 02b30f6697..22fda3828b 100644 --- a/doc/antora/modules/howto/pages/tuning/performance-testing.adoc 
+++ b/doc/antora/modules/howto/pages/tuning/performance-testing.adoc @@ -1,4 +1,4 @@ -= RADIUS Test Procedures += Performance Testing == Introduction
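
Review bot: In doc/antora/modules/ROOT/nav.adoc the only change is a space added inside the link text, `[Startup ]`, which has nothing to do with the auditing or directory changes described in the commit message. Restore `*** xref:debugging/startup.adoc[Startup]` or drop this file from the commit.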
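
Review bot: The Optimization list in doc/antora/modules/howto/pages/index.adoc (hunk @@ -32,8 +32,8) has no entry for the auditing page this commit adds, so after the change it disagrees with howto/nav.adoc, which does list it. Add `*** xref:optimization/auditing.adoc[Auditing]` above the Monitoring entry, and consider making the `** Optimization` item a link to `optimization/index.adoc` as nav.adoc now does.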
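
Review bot: The new optimization/auditing.adoc says audits analyse "accounting logs and other data sources" but never says which ones or where they are configured, so a reader cannot act on it. Link the log sources that monitoring/index.adoc already references, for example `xref:reference:raddb/mods-available/detail.adoc[rlm_detail]` and `xref:reference:raddb/mods-available/sql.adoc[rlm_sql]`. In the second paragraph, `access. by performing an audit` starts a sentence in lower case; capitalize `By`.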
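
Review bot: In optimization/index.adoc (hunk @@ -16,23 +16,27) the lines around the edited headings still carry three spelling errors: `querires`, `FreeRADUS` and `processess`. The file is being renamed and touched in this commit anyway, so correct them to `queries`, `FreeRADIUS` and `processes` here rather than carrying them into the new location.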
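
Review bot: The pages moved from monitoring/ to optimization/monitoring/ and optimization/tools/ get no redirect from their old paths, and logging_examples.adoc is renamed at similarity index 100%, so any `xref:monitoring/...` target inside it has not been updated along with the other pages. Add a `:page-aliases:` attribute naming the old path to each moved page so existing URLs keep resolving, and check logging_examples.adoc for xrefs that still point at the old directory.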
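
Review bot: Heading capitalization moves in opposite directions within this commit: optimization/monitoring/statistics.adoc changes its title to title case (`= Server Statistics`), while optimization/index.adoc changes `== Why Optimize?` and `=== Resource Efficiency` to sentence case. Pick one convention for titles and one for section headings and apply it to every heading touched here, including the unchanged `== Getting Started` in radmin_tool.adoc.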
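
Review bot: In optimization/tools/index.adoc the radmin paragraph under the updated xref is wrong and incomplete: it calls the tool `Radadmin`, says `a administration tool`, and contains the broken sentence `FreeRADIUS Server is an that connects to the control socket`. Rename it to radmin, fix the article, and complete or remove the broken sentence. The same hunk also leaves `popoulate` and `th radclient` uncorrected.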
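
Review bot: In optimization/tools/radclient_tool.adoc the added man page pointer sits between the instruction ("First, create an authentication packet definition by specifying its attributes.") and its example, which is why `For example:` had to be split into its own paragraph. Move `See the xref:reference:man/radclient.adoc[radclient] man page for more details.` to the end of the opening sentence about investigating policy issues, matching where radmin_tool.adoc and radsniff_tool.adoc place theirs, and keep the instruction and `For example:` together.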
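
Review bot: The rewritten opening paragraph of optimization/tools/radmin_tool.adoc keeps the grammatical error `packets which match a specified criteria`; "criteria" is plural. Since the line is being replaced anyway, change it to `packets that match specified criteria`.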